HackTheBox Challenge BabyEncryption (Crypto)

Writeup for HackTheBox Challenge BabyEncryption

Challenge Synopsis

You are after an organised crime group which is responsible for the illegal weapon market in your country. As a secret agent, you have infiltrated the group enough to be included in meetings with clients. During the last negotiation, you found one of the confidential messages for the customer. It contains crucial information about the delivery. Do you think you can decrypt it? (Source)

Enumeration

cat chall.py
import string
from secret import MSG

def encryption(msg):
    ct = []
    for char in msg:
        ct.append((123 * char + 18) % 256)
    return bytes(ct)

ct = encryption(MSG)
f = open('./msg.enc','w')
f.write(ct.hex())
f.close()

cat msg.enc
6e0a9372ec49a3f6930ed8723f9df6f6720ed8d89dc4937222ec7214d89d1e0e352ce0aa6ec82bf622227bb70e7fb7352249b7d893c493d8539dec8fb7935d490e7f9d22ec89b7a322ec8fd80e7f8921

Encryption Process in chall.py:

  • Each character in the message (MSG) is transformed using this formula: (123 * char + 18) % 256.
  • This is a linear (affine) equation over byte values: 123 is the multiplier, 18 is the constant added, and the result is reduced modulo 256.
  • After applying this formula to each character, the result is saved as a hex-encoded ciphertext in msg.enc.

Exploitation

Steps to solve:

  • Read the ciphertext from msg.enc.
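  • Find the “modular inverse” of 123 modulo 256 to “undo” the multiplication. The inverse exists because 123 is odd, so it shares no factor with 256.
  • Apply the reverse formula, (mod_inv * (byte - 18)) % 256, to get each original character back.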
from sympy import mod_inverse

def decryption(ct):
    print("[*] Starting decryption process...")

    # Find the modular inverse of 123 modulo 256
    mod_inv = mod_inverse(123, 256)
    print(f"[*] Modular inverse of 123 mod 256 is {mod_inv}")

    # Decrypt each byte
    msg = []
    for byte in ct:
        # Reverse the formula: (byte - 18) * mod_inv % 256
        original_char = (mod_inv * (byte - 18)) % 256
        msg.append(original_char)
        print(f"[*] Decrypted byte: {byte} -> {original_char}")
    
    print("[*] Decryption complete!")
    return bytes(msg)

def main():
    print("[*] Reading the encrypted message from 'msg.enc'...")
    with open('./msg.enc', 'r') as f:
        ct_hex = f.read().strip()
    print(f"[*] Encrypted message (hex): {ct_hex}")

    # Convert hex string to bytes
    ct = bytes.fromhex(ct_hex)
    print(f"[*] Encrypted message (bytes): {ct}")

    decrypted_msg = decryption(ct)

    print("[*] The decrypted message is:")
    print(decrypted_msg.decode('utf-8'))

if __name__ == "__main__":
    main()
❯ python3 solve.py
Decrypted message: b'Th3 nucl34r w1ll 4rr1v3 0n fr1d4y.\nHTB{l00k_47_y0u_r3v3rs1ng_3qu4710n5_c0ngr475}'

Flag: HTB{l00k_47_y0u_r3v3rs1ng_3qu4710n5_c0ngr475}
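
An added example (not part of the original writeup or the challenge files) that generalizes the solve script: it inverts the same map with Python's built-in pow() instead of sympy, inverts it a second way with a 256-entry lookup table, and shows why the scheme only decrypts cleanly when the multiplier is odd. The function names and the even multiplier 122 are this example's own choices.

```python
from math import gcd

M = 256  # byte alphabet size used by chall.py

def encrypt(msg: bytes, a: int = 123, b: int = 18) -> bytes:
    """Affine map from chall.py, with its constants exposed as parameters."""
    return bytes((a * p + b) % M for p in msg)

def decrypt(ct: bytes, a: int = 123, b: int = 18) -> bytes:
    """Invert the map; only possible when gcd(a, 256) == 1."""
    if gcd(a, M) != 1:
        raise ValueError(f"multiplier {a} has no inverse modulo {M}")
    a_inv = pow(a, -1, M)  # built-in modular inverse (Python 3.8+)
    return bytes((a_inv * (c - b)) % M for c in ct)

def decrypt_by_table(ct: bytes, a: int = 123, b: int = 18) -> bytes:
    """Same result without number theory: tabulate all 256 possible outputs."""
    table = {(a * p + b) % M: p for p in range(M)}
    if len(table) != M:
        raise ValueError("map is not a bijection; ciphertext is ambiguous")
    return bytes(table[c] for c in ct)

def image_size(a: int, b: int = 18) -> int:
    """Number of distinct ciphertext bytes the map can produce."""
    return len({(a * p + b) % M for p in range(M)})

if __name__ == "__main__":
    sample = b"constructed sample, not the challenge flag"
    ct = encrypt(sample)
    print("inverse of 123 mod 256:", pow(123, -1, M))
    print("round trip ok:", decrypt(ct) == sample, decrypt_by_table(ct) == sample)
    # An odd multiplier permutes all 256 byte values; an even one collapses
    # pairs of plaintext bytes onto the same ciphertext byte.
    print("distinct outputs, a=123:", image_size(123))
    print("distinct outputs, a=122:", image_size(122))
```

The takeaway for anyone reviewing a design like this: a fixed byte-wise map with public constants is an encoding, not encryption, and it is reversible by anyone who can read the script.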

This post is licensed under CC BY 4.0 by the author.